DrupalCon SF 2010: An enterprise approach to securing your Drupal sites
Like any new technology, introducing Drupal into your organization is bound to raise questions and objections from a host of vested interests. One of the initial objections is often security. This concern is often more acute when your organization doesn't have a history with the rest of the stack -- so Linux, PHP, MySQL, and/or Apache are new and unknown as well.
This session focus on the types of risks that your Drupal initiative is likely to face, the controls you should put in place to mitigate that risk, and the process you should follow to verify those controls. We'll take a holistic approach to security that stretches beyond the specific of Drupal code and configuration and addresses how the entire system is subject to exploitation.